Data protection statement and information obligations pursuant to the GDPR

Data protection and the protection of your personal data is our top priority. In the following, we have provided information about the way we process personal data on our website. The processing of personal data is carried out in accordance with the regulations of the German Federal Data Protection Act (BDSG), applicable until 24/5/2018, the German Teleservices Act (TMG) and the General Data Protection Regulation (GDPR), applicable from 25/5/2018, as well as the new German Federal Data Protection Act (BDSG-neu).

1. Name and address of the controller EVEN ON SUNDAY GmbH, Netter PLatz 4, 49090 Osnabrück
Represented by the General Management: Janek Feldmann, David Pérez González
Tel: +49 (0) 541 982686-10, E-Mail: hello(at)even-on-sunday.com

2. Contact details of the Data Protection Officer Detlef Breuker, c/o C&S Consulting, Ochsenweg 62 b, 49324 Melle
Email: info(at)datenschutz-os.de

3. Processing of personal data on our website 3.1. Provision of website and generation of log files If you all you want to do is visit our website and access the information on it, you do not have to give us your personal details.
During your visit to our website, we collect and use only the data that your web browser transmits to us automatically:

- date and time one of our web pages was accessed
- your browser type
- your browser settings
- your IP address
- the pages you visited

We use this data for technical reasons to enable you to visit our website. In addition, we use this data for statistical purposes, and to improve the design and layout of our website. We store the IP address for the purpose of guaranteeing and maintaining IT security (e.g. recognition of, and defence against, DoS attacks) and to ensure the website functions properly.
The legal basis for the temporary storage of data is point (f) of Article 6(1) GDPR.

3.2. Personal data Personal data is captured only if you have given it voluntarily as part of a contact enquiry or when registering for the newsletter.

3.3. Contact form, newsletter Several contact forms are available on our website, which can be used for making contact with us electronically.
By using these options, the data entered in the input mask is transmitted to us and stored. The following data is collected regardless of the particular form completed:

- first name
- name
- email address

To process data as part of this sending procedure, your consent is obtained, if required, and you are referred to this data protection statement.
The data transferred to us is encrypted.
Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored.

3.4. Purposes and legal basis for data processing The processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data.

The newsletter contains regular updates about interesting offers, news and stories concerning our company. The legal basis for the processing of data is the presence of consent pursuant to point (a) of Article 6(1) GDPR.

The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1)  GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR.

3.5. Duration of storage Data is stored for the dispatch of the newsletter until such time as the data subject opts out from receiving the newsletter with future effect. Contact forms: If there is no purpose for storing the data, the personal data is blocked or erased, so long as there is no conflict with statutory retention obligations.

3.6. Recipients or categories of recipient of data (provided that data transmission takes place) Your data is received within the company by the departments that need it to respond to your enquiry.

3.7. Information on the rights of the data subject According to the GDPR, every data subject is given the following data protection rights:

- Right to access (information) pursuant to Article 15 GDPR
- Right to rectification of inaccurate data pursuant to Article 16 GDPR
- Right to erasure pursuant to Article 17 GDPR
- Right to restriction of processing pursuant to Article 18 GDPR
- Right to data portability pursuant to Article 20 GDPR
- Right to object pursuant to Article 21 GDPR

To exercise your above-mentioned rights and to withdraw consent, please contact us at the email address given on the Legal web page.

You have the right to lodge a complaint with a supervisory authority. You can assert this right to lodge a complaint with a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. Before you contact the responsible supervisory authority to lodge a complaint, we would request that you clarify the matter with our Data Protection Officer.

3.8. Envisaged data transmission to third countries At present, we do not transmit data to third countries, nor do we envisage doing so in the future.

4. Placement of cookies We use cookies on our website. These are small data files that are sent from our web server to your computer to identify the computer for the duration of the visit. We do not capture any personal data via these cookies.
It is also possible to display our website without cookies being stored. You can deactivate the setting of cookies in your browser settings or set your browser to notify you if a website intends to store cookies on your computer. In this instance, you decide whether to accept cookies. For technical reasons, however, it is necessary that you allow all temporary cookies for all the features of the website to be fully functional.

5. Security measures We implement technical and organisational security measures to protect personal data, especially from accidental or intentional manipulation, loss, disruption or from access by unauthorised persons. We constantly improve our security measures in line with technological developments. We would point out that when data is transmitted through the internet, third parties can take cognizance of this data or falsify it, despite any security measures deployed.

6. Contact If you have any questions or suggestions about this data protection statement, please contact us at the address given on the Legal web page.

7. Updating our data protection guidelines The ongoing technical further development of IT technology and the internet also means that we need to adapt our existing data protection statement. We therefore reserve the right to make amendments and changes to this data protection statement.

© 2019 EVEN ON SUNDAY GmbH